Описание
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604).
- CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039).
- CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779).
- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533).
- CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842).
- CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051).
- CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129).
- CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212128).
- CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154).
- CVE-2023-3268: Fixed an out of bounds flaw in relay_file_read_start_pos in kernel/relay.c that allowed a local attacker to crash the system or leak kernel internal information (bsc#1212502).
- CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606).
- CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (bsc#1212501).
The following non-security bugs were fixed:
- Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158).
- Move setting %%build_html to config.sh
- Move setting %%split_optional to config.sh
- Move setting %%supported_modules_check to config.sh
- rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm
- rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435)
Список пакетов
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
SUSE Linux Enterprise High Availability Extension 15 SP1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
SUSE Linux Enterprise Live Patching 15 SP1
SUSE Linux Enterprise Server 15 SP1-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP1
openSUSE Leap 15.4
openSUSE Leap 15.5
Ссылки
- Link for SUSE-SU-2023:2830-1
- E-Mail link for SUSE-SU-2023:2830-1
- SUSE Security Ratings
- SUSE Bug 1160435
- SUSE Bug 1198400
- SUSE Bug 1208604
- SUSE Bug 1209039
- SUSE Bug 1209779
- SUSE Bug 1210533
- SUSE Bug 1211449
- SUSE Bug 1212051
- SUSE Bug 1212128
- SUSE Bug 1212129
- SUSE Bug 1212154
- SUSE Bug 1212158
- SUSE Bug 1212501
- SUSE Bug 1212502
- SUSE Bug 1212606
- SUSE Bug 1212842
- SUSE CVE CVE-2023-1079 page
Описание
A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly to the previous known CVE-2023-25012, but in asus devices, the work_struct may be scheduled by the LED controller while the device is disconnecting, triggering a use-after-free on the struct asus_kbd_leds *led structure. A malicious USB device may exploit the issue to cause memory corruption with controlled data.
Затронутые продукты
Ссылки
- CVE-2023-1079
- SUSE Bug 1208604
Описание
A use-after-free flaw was found in the Linux kernel's core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files_note") not applied yet, then kernel could be affected.
Затронутые продукты
Ссылки
- CVE-2023-1249
- SUSE Bug 1209039
Описание
A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM. A local user could use this flaw to potentially get unauthorized access to some memory of the CPU similar to the speculative execution behavior kind of attacks.
Затронутые продукты
Ссылки
- CVE-2023-1637
- SUSE Bug 1209779
Описание
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.
Затронутые продукты
Ссылки
- CVE-2023-2002
- SUSE Bug 1210533
- SUSE Bug 1210566
Описание
A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled. We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.
Затронутые продукты
Ссылки
- CVE-2023-3090
- SUSE Bug 1212842
- SUSE Bug 1212849
- SUSE Bug 1214128
- SUSE Bug 1219701
Описание
A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag().
Затронутые продукты
Ссылки
- CVE-2023-3111
- SUSE Bug 1212051
- SUSE Bug 1220015
Описание
A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.
Затронутые продукты
Ссылки
- CVE-2023-3141
- SUSE Bug 1212129
- SUSE Bug 1215674
Описание
A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails.
Затронутые продукты
Ссылки
- CVE-2023-3159
- SUSE Bug 1212128
- SUSE Bug 1212347
- SUSE Bug 1213842
- SUSE Bug 1214128
- SUSE Bug 1215674
Описание
A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.
Затронутые продукты
Ссылки
- CVE-2023-3161
- SUSE Bug 1212154
- SUSE Bug 1215674
Описание
An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.
Затронутые продукты
Ссылки
- CVE-2023-3268
- SUSE Bug 1212502
- SUSE Bug 1215674
Описание
A null pointer dereference was found in the Linux kernel's Integrated Sensor Hub (ISH) driver. This issue could allow a local user to crash the system.
Затронутые продукты
Ссылки
- CVE-2023-3358
- SUSE Bug 1212606
Описание
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.
Затронутые продукты
Ссылки
- CVE-2023-35824
- SUSE Bug 1212501
- SUSE Bug 1215674